Wordfence Intelligence   >   Vulnerability Researchers   >   Ram

Ram

Organization: Wordfence

15
All Time Ranking
149
All Time Discoveries

1 Achievement

Learn more about Achievements
Wordfence Vulnerability Researcher
Wordfence Vulnerability Researcher
November 8, 2023
Learn more Learn more about Achievements

Showing 1-20 of 149 Vulnerabilities

Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via 'mf_first_name' shortcode
4.3
CVE-2023-0689
Aug 30, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
FULL - Customer <= 2.2.3 - Authenticated(Subscriber+) Information Disclosure via Health Check
4.3
CVE-2023-4242
Aug 8, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via 'mf_payment_status' shortcode
4.3
CVE-2023-0692
Jun 8, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via mf_last_name shortcode
4.3
CVE-2023-0691
Jun 8, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Getwid – Gutenberg Blocks <= 1.8.3 - Improper Authorization via get_remote_templates REST endpoint
4.3
CVE-2023-1910
Jun 6, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
VK Blocks <= 1.57.0.5 - Authenticated(Contributor+) Settings Update
4.3
CVE-2023-0584
Jun 2, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
VK Blocks <= 1.57.0.5 - Authenticated(Contributor+) Settings Update
4.3
CVE-2023-0583
Jun 2, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Shield Security <= 17.0.17 - Missing Authorization
4.3
CVE-2023-0993
Apr 25, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
OoohBoi Steroids for Elementor <= 2.1.4 - Missing Authorization leading to Authenticated (Subscriber+) Image Upload
4.3
CVE-2023-1169
Apr 18, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Under Construction <= 3.96 - Cross-Site Request Forgery via admin_action_install_weglot
4.3
CVE-2023-0832
Feb 10, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Under Construction <= 3.96 - Cross-Site Request Forgery via admin_action_ucp_dismiss_notice
4.3
CVE-2023-0831
Feb 10, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Royal Elementor Addons <= 1.3.59 - Insufficient Access Control to Template Kit Import
4.3
CVE-2022-4709
Jan 10, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Royal Elementor Addons <= 1.3.59 - Insufficient Access Control to Import Deletion
4.3
CVE-2022-4703
Jan 10, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Royal Elementor Addons <= 1.3.59 - Insufficient Access Control to Template Conditions Modification
4.3
CVE-2022-4708
Jan 10, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Royal Elementor Addons <= 1.3.59 - Insufficient Access Control to Menu Settings Update
4.3
CVE-2022-4711
Jan 10, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Royal Elementor Addons <= 1.3.59 - Insufficient Access Control to Template Activation
4.3
CVE-2022-4705
Jan 10, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Royal Elementor Addons <= 1.3.59 - Cross-Site Request Forgery to Menu Template creation
4.3
CVE-2022-4707
Jan 10, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Royal Elementor Addons <= 1.3.59 - Insufficient Access Control to Plugin Activation
4.3
CVE-2022-4701
Jan 10, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
BackupWordPress <= 3.12 - Missing Authorization to Authenticated (Subscriber+) Information Disclosure
4.3
CVE-2022-4931
Feb 23, 2022
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Advanced Access Manager <= 6.6.1 - Authenticated Information Disclosure
4.3
CVE-2020-35934
Aug 20, 2020
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Title CVE ID CVSS Vector Date
Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via 'mf_first_name' shortcode CVE-2023-0689 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N August 30, 2023
FULL - Customer <= 2.2.3 - Authenticated(Subscriber+) Information Disclosure via Health Check CVE-2023-4242 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N August 8, 2023
Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via 'mf_payment_status' shortcode CVE-2023-0692 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N June 8, 2023
Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via mf_last_name shortcode CVE-2023-0691 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N June 8, 2023
Getwid – Gutenberg Blocks <= 1.8.3 - Improper Authorization via get_remote_templates REST endpoint CVE-2023-1910 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N June 6, 2023
VK Blocks <= 1.57.0.5 - Authenticated(Contributor+) Settings Update CVE-2023-0584 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N June 2, 2023
VK Blocks <= 1.57.0.5 - Authenticated(Contributor+) Settings Update CVE-2023-0583 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N June 2, 2023
Shield Security <= 17.0.17 - Missing Authorization CVE-2023-0993 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N April 25, 2023
OoohBoi Steroids for Elementor <= 2.1.4 - Missing Authorization leading to Authenticated (Subscriber+) Image Upload CVE-2023-1169 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N April 18, 2023
Under Construction <= 3.96 - Cross-Site Request Forgery via admin_action_install_weglot CVE-2023-0832 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N February 10, 2023
Under Construction <= 3.96 - Cross-Site Request Forgery via admin_action_ucp_dismiss_notice CVE-2023-0831 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N February 10, 2023
Royal Elementor Addons <= 1.3.59 - Insufficient Access Control to Template Kit Import CVE-2022-4709 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N January 10, 2023
Royal Elementor Addons <= 1.3.59 - Insufficient Access Control to Import Deletion CVE-2022-4703 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L January 10, 2023
Royal Elementor Addons <= 1.3.59 - Insufficient Access Control to Template Conditions Modification CVE-2022-4708 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N January 10, 2023
Royal Elementor Addons <= 1.3.59 - Insufficient Access Control to Menu Settings Update CVE-2022-4711 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N January 10, 2023
Royal Elementor Addons <= 1.3.59 - Insufficient Access Control to Template Activation CVE-2022-4705 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N January 10, 2023
Royal Elementor Addons <= 1.3.59 - Cross-Site Request Forgery to Menu Template creation CVE-2022-4707 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N January 10, 2023
Royal Elementor Addons <= 1.3.59 - Insufficient Access Control to Plugin Activation CVE-2022-4701 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N January 10, 2023
BackupWordPress <= 3.12 - Missing Authorization to Authenticated (Subscriber+) Information Disclosure CVE-2022-4931 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N February 23, 2022
Advanced Access Manager <= 6.6.1 - Authenticated Information Disclosure CVE-2020-35934 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N August 20, 2020

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation